Docker Container Networking

The ip command can be used to manipulate network namespaces by hand.

The ip command belongs to the iproute package:

[root@localhost ~]# rpm -q iproute
iproute-3.10.0-87.el7.x86_64

Adding a network namespace

Executing commands in a network namespace

Creating a virtual NIC pair

Moving a device into a namespace

Renaming veth1.2 in r1 to eth0

Setting IP addresses, bringing up both halves, and letting them communicate

Making the r1 and r2 namespaces communicate with each other

Adding a network namespace

ip netns add

[root@localhost ~]# ip netns add r1
[root@localhost ~]# ip netns add r2
[root@localhost ~]# ip netns list
r2
r1

Executing commands in a network namespace

ip netns exec

[root@localhost ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Creating a virtual NIC pair

ip link add name veth1.1 type veth peer name veth1.2

add name veth1.1: the name of one half of the pair

type veth: the device type; veth is a virtual Ethernet NIC

peer name: the name of the other half of the pair

[root@localhost ~]# ip link add name veth1.1 type veth peer name veth1.2
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 08:00:27:72:1c:ca brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT 
    link/ether 02:42:90:5b:af:47 brd ff:ff:ff:ff:ff:ff
4: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 96:8e:c2:e1:64:45 brd ff:ff:ff:ff:ff:ff
5: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether ae:f5:21:c7:db:37 brd ff:ff:ff:ff:ff:ff

Moving a device into a namespace

[root@localhost ~]# ip link set dev veth1.2 netns r1
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 08:00:27:72:1c:ca brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT 
    link/ether 02:42:90:5b:af:47 brd ff:ff:ff:ff:ff:ff
5: veth1.1@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether ae:f5:21:c7:db:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    
[root@localhost ~]# ip netns exec r1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth1.2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 96:8e:c2:e1:64:45  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Renaming veth1.2 in r1 to eth0

[root@localhost ~]# ip netns exec r1 ip link set dev veth1.2 name eth0
[root@localhost ~]# ip netns exec r1 ifconfig -a
eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 96:8e:c2:e1:64:45  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Setting IP addresses, bringing up both halves, and letting them communicate

[root@localhost ~]# ifconfig veth1.1 10.1.0.1/24 up
[root@localhost ~]# ip netns exec r1 ifconfig eth0 10.1.0.2/24 up
[root@localhost ~]# ping 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=1.69 ms

Making the r1 and r2 namespaces communicate with each other (veth1.1 is moved out of the host into r2, so the pair now joins r1 and r2 directly)

[root@localhost ~]# ip link set dev veth1.1 netns r2
[root@localhost ~]# ip netns exec r2 ifconfig veth1.1 10.1.0.3/24 up
[root@localhost ~]# ip netns exec r2 ping 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.049 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.057 ms
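The whole namespace procedure above, collected into one reusable POSIX sh function (an added example, not from the original post). It uses ip addr add and ip link set ... up instead of ifconfig, moves both halves of the pair out of the host as in the final step, and prints the commands rather than running them, so the sequence can be reviewed or tested without root; pipe the output to sh as root to apply it. The veth names it builds (v<ns_a><ns_b>.1 and .2) are its own convention, not the page's.

```shell
#!/bin/sh
# Added example (not from the original post). Emits the ip(8) commands that
# connect two network namespaces through a veth pair, exactly in the order
# used above: create namespaces, create the pair, move each half, rename
# it to eth0 inside its namespace, assign an address, bring it up.
# Usage as root:  netns_link_cmds r1 r2 10.1.0.2/24 10.1.0.3/24 | sh
netns_link_cmds() {
    ns_a=$1; ns_b=$2; ip_a=$3; ip_b=$4
    pair="v${ns_a}${ns_b}"          # constructed veth name, e.g. vr1r2
    cat <<EOF
ip netns add $ns_a
ip netns add $ns_b
ip link add name ${pair}.1 type veth peer name ${pair}.2
ip link set dev ${pair}.1 netns $ns_a
ip link set dev ${pair}.2 netns $ns_b
ip netns exec $ns_a ip link set dev ${pair}.1 name eth0
ip netns exec $ns_b ip link set dev ${pair}.2 name eth0
ip netns exec $ns_a ip addr add $ip_a dev eth0
ip netns exec $ns_b ip addr add $ip_b dev eth0
ip netns exec $ns_a ip link set dev eth0 up
ip netns exec $ns_b ip link set dev eth0 up
ip netns exec $ns_a ip link set dev lo up
ip netns exec $ns_b ip link set dev lo up
EOF
}

# Connectivity check from NS_A to NS_B's bare address (prefix length stripped).
netns_ping_cmd() {
    printf 'ip netns exec %s ping -c 2 -W 1 %s\n' "$1" "${2%%/*}"
}

# Tear down: deleting a namespace destroys the veth half inside it, and a
# veth half cannot exist without its peer, so both halves disappear.
netns_teardown_cmds() {
    printf 'ip netns del %s\nip netns del %s\n' "$1" "$2"
}

netns_link_cmds r1 r2 10.1.0.2/24 10.1.0.3/24
netns_ping_cmd r1 10.1.0.3/24
```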

Docker container network settings

Using the none network so the container has no network device (a closed container)

Setting the container's hostname so that it can be resolved

Specifying DNS servers for the container

Injecting hosts-file entries into the container from outside

Using the none network so the container has no network device (a closed container)

[root@localhost ~]# docker run --name t1 -it  --network none --rm busybox:latest
/ # ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Setting the container's hostname so that it can be resolved

[root@localhost ~]# docker run --name t1 -it  --network bridge -h web1.keji.com --rm busybox:latest
/ # hostname
web1.keji.com

Specifying DNS servers for the container

[root@localhost ~]# docker run --name t1 -it --network bridge -h web1.keji.com --dns 144.144.144.144 --rm busybox:latest
/ # cat /etc/resolv.conf 
nameserver 144.144.144.144

Injecting hosts-file entries into the container from outside

[root@localhost ~]# docker run --name t1 -it --network bridge -h web1.keji.com --dns 144.144.144.144 --add-host web1.keji.com:1.1.1.1 --rm busybox:latest
/ # cat /etc/hosts
127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
1.1.1.1 web1.keji.com

Exposing container ports with the -p option

Mapping a given container port to a dynamic port on all host addresses

Mapping a container port to a specified host port

Specifying both the host port and the host IP address for the mapping

Mapping a given container port to a dynamic port on all host addresses

The dynamic port is a random port between 30000 and 32767.

The drawback is that clients do not know which port to connect to; the advantage is that when several web containers run, each can be mapped to a different port.

[root@localhost ~]# docker run --name myweb --rm -p 80 dockerhaoran/httpd:v0.2

With the container running, open another terminal and access it from inside the host

[root@localhost ~]# docker inspect myweb
    "IPAddress": "172.17.0.2",
[root@localhost ~]# curl 172.17.0.2
<h1>Busybox httpd server.</h1>

View the generated rule with iptables: the container is mapped to host port 32769

[root@localhost ~]# iptables -t nat -vnL
Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32769 to:172.17.0.2:80

Access from a browser: http://10.192.45.116:32769/

Busybox httpd server.

Mapping a container port to a specified host port

[root@localhost ~]# docker port myweb
80/tcp -> 0.0.0.0:32769

Container port 80 is mapped to port 32769 on all available host addresses

[root@localhost ~]# docker kill myweb
myweb
[root@localhost ~]# docker run --name myweb --rm -p 10.192.45.116::80 dockerhaoran/httpd:v0.2

In 10.192.45.116::80, the host port goes between the two colons; leaving it empty means a random host port

[root@localhost ~]# docker port myweb
80/tcp -> 10.192.45.116:32768

Specifying both the host port and the host IP address for the mapping

[root@localhost ~]# docker run --name myweb --rm -p 10.192.45.116:8080:80 dockerhaoran/httpd:v0.2

Container port 80 is mapped to port 8080 on host address 10.192.45.116

[root@localhost ~]# docker port myweb
80/tcp -> 10.192.45.116:8080
[root@localhost ~]# docker run --name myweb --rm -p 80:80 dockerhaoran/httpd:v0.2

With 80:80, no host address is given, so the mapping is not tied to one host address (it binds to 0.0.0.0, as the output shows)

[root@localhost ~]# docker port myweb
80/tcp -> 0.0.0.0:80
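An added example (not from the original post) that reads iptables -t nat -vnL output and prints each DNAT rule in the DOCKER chain as host:port -> container:port, marking whether the port is published on every host address or on a single one, which is the difference between the -p forms shown above. The sample table is constructed in the page's format; the 10.192.45.116:8080 rule and the container address 172.17.0.3 are assumed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarise Docker's port
# publishing rules from `iptables -t nat -vnL` output read on stdin.
# A destination of 0.0.0.0/0 on the DNAT rule means the container port was
# published on every host address (-p 80 or -p 80:80); a specific address
# means it was published with -p IP:PORT:PORT or -p IP::PORT.
docker_dnat_summary() {
    awk '
        /^Chain / { in_docker = ($2 == "DOCKER") }
        in_docker && $3 == "DNAT" {
            host = ($9 == "0.0.0.0/0") ? "0.0.0.0" : $9
            dpt = ""; to = ""
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/) dpt = substr($i, 5)
                if ($i ~ /^to:/)  to  = substr($i, 4)
            }
            scope = (host == "0.0.0.0") ? "all-addresses" : "single-address"
            printf "%s:%s -> %s %s\n", host, dpt, to, scope
        }'
}

# Only the mappings reachable on every host address, the ones to review
# first against the host firewall policy.
docker_dnat_all_addresses() {
    docker_dnat_summary | grep ' all-addresses$' || true
}

# Constructed sample in the format of the page's iptables output; the
# second DNAT rule (10.192.45.116:8080 -> 172.17.0.3:80) is assumed.
sample_nat_table() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32769 to:172.17.0.2:80
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            10.192.45.116        tcp dpt:8080 to:172.17.0.3:80
EOF
}

sample_nat_table | docker_dnat_summary
```

On a live host, run it as `iptables -t nat -vnL | docker_dnat_summary` instead of the constructed sample.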

Sharing another container's network (joined containers)

[root@localhost ~]# docker run --name b1 -it --rm busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
       
[root@localhost ~]#  docker run --name b2 -it --network container:b1 --rm busybox:latest
/ #  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

Start an httpd service in b2

/ # echo "hello world" > /tmp/index.html
/ # httpd -h /tmp/
/ # netstat -tul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 :::80                   :::*                    LISTEN

Access it from b1 over lo (both containers share the same network namespace, so loopback reaches b2's httpd)

/ # wget -O - -q 127.0.0.1
hello world

Sharing the host's network namespace

[root@localhost ~]# docker run --name b1 -it  --network host --rm  busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 08:00:27:72:1c:ca brd ff:ff:ff:ff:ff:ff
    inet 10.192.45.116/21 brd 10.192.47.255 scope global dynamic enp0s3
       valid_lft 3413sec preferred_lft 3413sec
    inet6 fe80::a00:27ff:fe72:1cca/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue 
    link/ether 02:42:90:5b:af:47 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:90ff:fe5b:af47/64 scope link 
       valid_lft forever preferred_lft forever

Start an httpd service

/ # echo "hello world" > /tmp/index.html
/ # httpd -h /tmp/
/ # netstat -tunl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      
tcp        0      0 :::80                   :::*                    LISTEN

This shows httpd listening on the host's port 80

http://10.192.45.116/

hello world

Customizing the docker0 bridge's network properties

This requires editing the configuration file /etc/docker/daemon.json:

{
  "bip": "10.0.0.1/16",
  "default-gateway": "10.20.1.1",
  "dns": ["10.20.1.2","10.20.1.3"]
}

bip is the IP address of the docker0 bridge and the most important setting; once it is set, the other values are derived automatically, except dns.

default-gateway is the default gateway.

dns lists the DNS server addresses, at most 3.

[root@localhost ~]# systemctl stop docker
[root@localhost ~]# vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://qijo5n63.mirror.aliyuncs.com"],
  "bip": "10.0.0.1/16"
}
[root@localhost ~]# systemctl start docker
[root@localhost ~]# ip a
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:90:5b:af:47 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/16 brd 10.0.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:90ff:fe5b:af47/64 scope link 
       valid_lft forever preferred_lft forever

The Docker daemon follows a client/server model and by default listens only on a Unix socket, /var/run/docker.sock. To use a TCP socket as well, add the following to

/etc/docker/daemon.json:

"hosts": ["tcp://10.0.0.0:2375","unix:///var/run/docker.sock"]

Alternatively, pass the -H|--host option directly to dockerd.

[root@localhost ~]# systemctl stop docker
[root@localhost ~]# vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://qijo5n63.mirror.aliyuncs.com"],
  "bip": "10.0.0.1/16",
  "hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
[root@localhost ~]# systemctl start docker
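An added check (not from the original post) for the daemon.json edits above: it reports whether the file uses the misspelled key host instead of hosts, and whether a tcp:// listener is configured without tlsverify, which would hand full, unauthenticated control of the daemon to anyone who can reach that port. It uses only grep and assumes the file is written one key per line, as in the examples on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a daemon.json for the
# two problems the edits above can introduce. Assumes one key per line (as
# on this page) and that "hosts" is the key dockerd reads ("host" is not).

# Print every tcp:// listener configured in the file given as $1.
daemon_tcp_hosts() {
    grep -o 'tcp://[^"]*' "$1" || true
}

# Exit status: 0 ok, 1 unauthenticated TCP listener, 2 misspelled "host" key.
daemon_json_check() {
    file=$1
    if grep -q '"host"[[:space:]]*:' "$file"; then
        echo "ERROR: $file uses \"host\"; dockerd only accepts \"hosts\""
        return 2
    fi
    tcp=$(daemon_tcp_hosts "$file")
    if [ -z "$tcp" ]; then
        echo "OK: $file keeps the daemon on the unix socket only"
        return 0
    fi
    # A TCP listener is acceptable only when client certificates are enforced.
    if grep -q '"tlsverify"[[:space:]]*:[[:space:]]*true' "$file"; then
        echo "OK: TCP listener with tlsverify: $tcp"
        return 0
    fi
    echo "WARN: unauthenticated TCP listener in $file: $tcp"
    return 1
}

[ -f /etc/docker/daemon.json ] && daemon_json_check /etc/docker/daemon.json
```

If the systemd unit already starts dockerd with -H fd://, a hosts key in daemon.json conflicts with that flag and the daemon refuses to start; keep the listener in one place only.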

Creating another bridge

[root@localhost ~]# docker network create -d bridge --subnet "172.26.0.0/16" --gateway "172.26.0.1" mybr0
c7cc44b020fd5fe2fe7435b7e19826f8d43576b7a9f86607034e44781ba1ca4a

docker network create creates a new network

-d bridge specifies the driver type: bridge

--subnet "172.26.0.0/16" specifies the IPv4 subnet

--gateway "172.26.0.1" specifies the gateway

[root@localhost ~]# ip a
26: br-c7cc44b020fd: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 02:42:60:51:fa:c0 brd ff:ff:ff:ff:ff:ff
    inet 172.26.0.1/16 brd 172.26.255.255 scope global br-c7cc44b020fd
       valid_lft forever preferred_lft forever

The network is named mybr0, but the interface name is not mybr0:

[root@localhost ~]# ifconfig br-c7cc44b020fd down
[root@localhost ~]# ip link set dev br-c7cc44b020fd name docker1

Bring the interface down first, then rename the device.
